Patent 

Docket No. 2003-0019 
61922-00007USPT 

CLAIMS 

What is claimed as new and desired to be protected by Letters Patent of the United 
States is: 



1. An internet service provider (ISP) network comprising:

a plurality of routers connected to provide an internet protocol network (IP);

a first router, of said plurality of routers, in communication with an internet
application, said internet application having a first IP address;

a black-hole router in communication with said plurality of routers, said
black-hole router adapted to have a bogus IP address that is the same as said first
IP address, said bogus IP address having a higher preference than said first IP
address;

wherein either one of said plurality of routers or said black-hole router is
adapted to inject a black-hole route scheme into a dynamic routing protocol used by
said ISP network such that selected ones of said plurality of routers route traffic
to said bogus address of said black-hole router.

2. The ISP network of claim 1, wherein said dynamic routing protocol is Border
Gateway Protocol (BGP).

3. The ISP network of claim 1, wherein said black-hole route is injected when
said internet application is under a Distributed Denial of Service (DDoS) attack.

4. The ISP network of claim 1, wherein said selected ones of said plurality of
routers route traffic to said bogus address via a consistent scheme.

5. The ISP network of claim 1, wherein said selected ones of said plurality of
routers can be changed in real-time by injecting a new black-hole route scheme into said
dynamic routing protocol.

6. An internet service provider (ISP) network comprising:

a first router in communication with said ISP network;

an internet application, having a first IP address, in communication with said
first router, said first router directing internet traffic to said first IP address
of said internet application; and

a second router, adapted to be a black-hole router, in communication with said
ISP network, said second router adapted to receive internet traffic that was
originally addressed to said first IP address, but was re-routed through
predetermined routers within said ISP network, said predetermined routers being less
than all the routers in said ISP network.

7. The ISP network of claim 6, further comprising a third router in
communication with said ISP network, said third router adapted to use an Interior
Gateway Protocol (IGP) to inject a black-hole address, which is the same as the first
IP address, but with a higher preference, into at least said predetermined routers
within said ISP network such that internet traffic originally addressed to said first
IP address and routed through said predetermined routers is redirected to said second
router.

8. The ISP network of claim 6, wherein said internet traffic originally addressed
to said first IP address, but rerouted through predetermined routers comprises
possibly both attack traffic and legitimate traffic.

9. The ISP network of claim 6, wherein said attack traffic comprises possibly
but not limited to PING or SYN messages.

10. The ISP network of claim 8, wherein said internet traffic addressed to said first 
IP address, but rerouted through predetermined routers comprises possibly both attack traffic 
and legitimate traffic. 

11. The ISP network of claim 6, wherein said predetermined routers create
consistent routing to said second router.

12. A method of black-holing internet traffic in an ISP network, said method
comprising:

injecting, by a first router, an instruction into said ISP network;

responding to said instruction, by a plurality of routers within said ISP
network, such that a first number of routers become black-holing routers and a
second number of routers become non-black-holing routers;

routing internet traffic addressed for a first IP address, by said
non-black-holing routers, to an internet application having said first IP address;
and

routing internet traffic addressed for said first IP address, by said black-holing
routers, to a black-hole router having said first IP address.

13. The method of claim 12, wherein said instruction is a dynamic routing
protocol instruction.

14. The method of claim 12, wherein said instruction provides a black-holing
route injected into a Border Gateway Protocol (BGP).

15. The method of claim 12, wherein each said black-holing router provides said
internet traffic, routed toward said black-hole router, to a next-hop black-holing router.

16. The method of claim 12, further comprising, changing the number of said first
number of routers and said second number of routers in real-time.

17. The method of claim 12, wherein the route to said black-hole router having
said first IP address has a higher preference when compared to the preference of the route to
said internet application having said first IP address.

18. The method of claim 12, wherein said steps of routing internet traffic on the 
router to said black-hole router is consistent routing. 

19. The method of claim 18, wherein consistent routing requires that a
black-holing router in said ISP network routes traffic having said first IP address to other
black-holing routers and wherein non-black-holing router routes said first IP address to other
non-black-holing routers.
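
The consistent-routing condition of claims 12 and 19, checked on a small model. This is an added example, not part of the patent text: the topology and router names are constructed, and shortest-path next hops stand in for whatever the dynamic routing protocol would compute.

```python
from collections import deque

# Constructed topology (hypothetical names): adjacency list of an ISP core.
TOPOLOGY = {
    "edge1": ["core1"], "edge2": ["core2"],
    "core1": ["edge1", "core2", "app_router"],
    "core2": ["edge2", "core1", "sinkhole"],
    "app_router": ["core1"], "sinkhole": ["core2"],
}
APP, SINK = "app_router", "sinkhole"  # both announce the same first IP address

def next_hops(topology, target):
    """BFS from target: each router's next hop on a shortest path to target."""
    hop, queue = {target: None}, deque([target])
    while queue:
        node = queue.popleft()
        for nbr in topology[node]:
            if nbr not in hop:
                hop[nbr] = node
                queue.append(nbr)
    return hop

def forwarding_table(topology, black_holing):
    """Black-holing routers prefer the sinkhole route; the rest keep the real one."""
    to_app, to_sink = next_hops(topology, APP), next_hops(topology, SINK)
    return {r: (to_sink[r] if r in black_holing else to_app[r])
            for r in topology if r not in (APP, SINK)}

def inconsistent_hops(topology, black_holing):
    """(router, next_hop) pairs that cross between the two sets (claim 19)."""
    sink_side = set(black_holing) | {SINK}
    return [(r, nh) for r, nh in forwarding_table(topology, black_holing).items()
            if (r in black_holing) != (nh in sink_side)]

def trace(topology, black_holing, ingress):
    """Follow a packet for the first IP address; return its endpoint or 'loop'."""
    table, seen, node = forwarding_table(topology, black_holing), set(), ingress
    while node not in (APP, SINK):
        if node in seen:
            return "loop"
        seen.add(node)
        node = table[node]
    return node

if __name__ == "__main__":
    for selected in ({"edge2", "core2"}, {"core1"}):
        print(sorted(selected), inconsistent_hops(TOPOLOGY, selected),
              {r: trace(TOPOLOGY, selected, r) for r in ("edge1", "edge2")})
```

With the selection {edge2, core2} only traffic entering at edge2 reaches the black-hole router; selecting core1 alone breaks the condition and the two core routers forward the packet back and forth.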